🕵️‍♂️ ShadowPass

The Ultimate 40X HTTP Error Bypass Framework

Automated evasion techniques for 403 Forbidden, 401 Unauthorized, and 404 Not Found endpoints.

Features • Installation • Usage • Configuration • Disclaimer

---

🚀 Overview

ShadowPass is a comprehensive, modular Python framework designed for security researchers and penetration testers. It automates the process of bypassing HTTP 40X error pages using a sophisticated array of evasion techniques, network rotation strategies, and browser automation.

Reimagined and rewritten in Python, ShadowPass extends beyond simple header manipulation to offer a full suite of bypass capabilities including Tor integration, VPN rotation, and ML-powered CAPTCHA solving.

✨ Features

🛡️ Advanced Evasion

• Header Spoofing: Automatically rotates 20+ IP-spoofing headers (X-Forwarded-For, Client-IP, True-Client-IP, etc.).
• Method Tampering: Exploits verb-based ACLs using HTTP method overrides (X-HTTP-Method-Override) and case variations.
• Path Fuzzing: Generates 50+ path variations using URL encoding, traversal sequences, and suffix injection.
• User-Agent Rotation: Intelligently rotates user agents to mimic legitimate traffic using fake-useragent.

🌐 Network Anonymity

• Smart Proxy Rotation: Integrated support for Bright Data and ScrapingBee, plus custom proxy lists.
• Tor Circuit Management: Built-in Tor support with automatic circuit refreshing for IP rotation.
• VPN Chaining: Programmatic control for OpenVPN and WireGuard to switch exit nodes dynamically.

🤖 Automation & AI

• Headless Browser: Seamless integration with Selenium and undetected-chromedriver to bypass JS-based challenges.
• CAPTCHA Solving: Auto-solving hooks for 2Captcha and Anti-Captcha, with experimental ML-based local solving.
• Rate Limit Defense: Adaptive token-bucket rate limiting with exponential backoff and jitter algorithms.

📦 Installation

ShadowPass is built for Python 3.9+.

Quick Install

git clone https://github.com/AaryanBansal-Dev/ShadowPass.git
cd ShadowPass/python
./install.sh

Manual Install

cd ShadowPass/python
pip install .

# For all features (Browser, Tor, Captcha, ML)
pip install ".[all]"

💻 Usage

CLI Power Tool

ShadowPass comes with a rich command-line interface.

1. Basic Bypass Attempt to bypass a 403 Forbidden page on a specific URL.

shadowpass bypass http://target.com/admin

2. The "Stealth" Mode Use Tor network and a headless browser to mimic a real user.

shadowpass bypass --tor --browser http://target.com/sensitive-data

3. Batch Operation Process a list of URLs from a file with concurrent workers.

shadowpass batch urls.txt --concurrency 10 --output results.json

4. Reconnaissance Scan Analyze a target to discover which evasion technique is effective.

shadowpass scan http://target.com/api/v1 -o analysis.json

Python API

Integrate ShadowPass into your own security tools.

from shadowpass import ShadowPassClient, ShadowPassConfig

# Configure the beast
config = ShadowPassConfig()
config.tor.enabled = True
config.evasion.method_tampering = True

# Unleash
with ShadowPassClient(config) as client:
    result = client.bypass("http://target.com/admin")
    
    if result.success:
        print(f"🔓 Bypassed! Technique: {result.technique_used}")
        print(f"Response: {result.final_status}")
    else:
        print("🔒 Target remains locked.")

⚙️ Configuration

ShadowPass is highly configurable via shadowpass.yaml or environment variables.

# shadowpass.yaml
evasion:
  header_spoofing: true
  path_fuzzing: true

proxy:
  enabled: true
  rotation_interval: 5
  proxy_list:
    - http://user:[email protected]:8080

tor:
  enabled: true
  control_port: 9051

Set keys in .env:

BRIGHT_DATA_API_KEY=your_key
CAPTCHA_API_KEY=your_key

🗺️ Roadmap

• Core Evasion Engine
• Tor & Proxy Support
• Selenium Integration
• AI-driven WAF behavior analysis
• Distributed scanning nodes

⚠️ Legal Disclaimer

ShadowPass is designed for educational purposes and authorized security testing only.

The authors and contributors of ShadowPass are not responsible for any misuse of this software. You must obtain written permission from the owner of any system before using this tool against it. Using this tool for unauthorized access to computer systems is illegal and punishable by law.

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

1. Fork the Project
2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
3. Commit your Changes (git commit -m 'Add some AmazingFeature')
4. Push to the Branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

📄 License

Distributed under the MIT License. See LICENSE for more information.

---

Made with ❤️ by AaryanBansal-Dev